0
votes

I've been trying all day to set Tomcat 6.0 up for SSL. I know it shouldn't be that hard. I've followed the Tomcat documentation in creating my own certificate and configuring the connectors in the server.xml file.

When I go to https://localhost:8443 (8443 is the port I defined in the connector), my certificate does not render on the screen, and my browser tells me that it was unable to make a secure connection to the server and that my client may not have the certificate.

My question is, why isn't my certificate rendering for the user to say "Trust" or "Not"?

3
Did you buy your certificate? - Buhake Sindi
I did not buy it. I created it myself using keytool... - curiousgeorge
Just FYI, here is what my connector looks like in server.xml - curiousgeorge
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${user.home}/.keystore" keystorePass="somepassword" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> - curiousgeorge
And where is your keystore file stored? Also, what OS are you using? - Buhake Sindi

3 Answers

1
votes

There's full documentation in the SSL Howto for Tomcat 6. I don't know how far you've gone in setting up your SSL for me to help you.

Make sure that server.xml in APACHE_HOME/conf has both Connectors, for ports 8080 and 8443, enabled.

1
votes

Do you happen to have a tcnative-1.dll file in the apache-tomcat-6.xxx\bin\ folder?

If so, it will not work with your current <Connector/> configuration. Remove the file or rename the extension and restart the Tomcat server again.

This is stated in the "Edit the Tomcat Configuration File" section of http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

0
votes

I ended up figuring it out.

The issue was regarding my protocol variable in my Connector:

This is what I had: protocol="HTTP/1.1"

Now I have this: protocol="org.apache.coyote.http11.Http11Protocol"

The only issue now is that Chrome or IE won't run the site as HTTPS because I signed the certificate myself and am not a CA.
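
The tcnative answer and the protocol fix above point at the same mismatch: with protocol="HTTP/1.1" Tomcat 6 auto-selects the APR connector when the native library loads, and APR reads SSLCertificateFile/SSLCertificateKeyFile rather than the JSSE keystore attributes. The following check is an added example, not code from any of the posters or from Tomcat; the function name, the `tcnative_present` parameter and the wrapper around the question's connector are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute families as described in the Tomcat 6 SSL HOWTO
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}
JSSE_PROTOCOLS = {"org.apache.coyote.http11.Http11Protocol",
                  "org.apache.coyote.http11.Http11NioProtocol"}
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

# Constructed sample: the question's connector wrapped in a minimal server.xml
SAMPLE = """<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  keystoreFile="${user.home}/.keystore" keystorePass="somepassword"
  maxThreads="150" scheme="https" secure="true" clientAuth="false"
  sslProtocol="TLS" />
</Service></Server>"""

def check_ssl_connectors(server_xml, tcnative_present):
    """Return (port, finding) pairs for SSL connectors whose attributes
    do not match the implementation Tomcat will select."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol in JSSE_PROTOCOLS:
            impl = "JSSE"
        elif protocol == APR_PROTOCOL:
            impl = "APR"
        elif protocol == "HTTP/1.1":
            # Auto-select: APR if the native library is found, else JSSE
            impl = "APR" if tcnative_present else "JSSE"
        else:
            findings.append((port, "unrecognised protocol %r" % protocol))
            continue
        attrs = set(conn.attrib)
        if impl == "APR" and attrs & JSSE_ATTRS and not attrs & APR_ATTRS:
            findings.append((port, "APR connector configured with JSSE keystore attributes"))
        if impl == "JSSE" and attrs & APR_ATTRS and not attrs & JSSE_ATTRS:
            findings.append((port, "JSSE connector configured with APR certificate attributes"))
    return findings

if __name__ == "__main__":
    print(check_ssl_connectors(SAMPLE, tcnative_present=True))
```

Pass `tcnative_present=True` when tcnative-1.dll (or the platform's equivalent native library) is on Tomcat's library path; the check only reads the XML and does not probe the filesystem.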